Commit Graph

9 Commits

Author SHA1 Message Date
Kir Kolyshkin 24da18800e *: fix build tags
This change is generated by `go1.23rc2 fix ./...`.

Had to use go1.23rc2, since all released go versions have a bug
preventing it from working with `go 1.22.0` in go.mod (opened
https://github.com/golang/go/issues/68825,
https://github.com/golang/go/issues/68824 for awareness).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-09 17:05:30 -07:00
Nalin Dahyabhai bb149ea686 Use errors.Is() instead of os.Is{Not,}Exist
If errors for which os.IsExist() or os.IsNotExist() would have returned
true have been wrapped using fmt.Errorf()'s "%w" verb, os.IsExist() and
os.IsNotExist(), not having been retrofitted to use errors.Is(), will
return false.

Use errors.Is() to check if an error is an os.ErrExist or os.ErrNotExist
error instead of calling os.IsExist() or os.IsNotExist().

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-07-26 15:36:58 -04:00
Sascha Grunert ce384684c0 Switch to golang native error wrapping
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2022-07-07 11:41:47 +02:00
Daniel J Walsh 0d53dcff38 Vendor in latest opencontainers/selinux v1.10.1
[NO NEW TESTS NEEDED]

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-04-04 10:08:44 -04:00
Nalin Dahyabhai 9b6a02f3af run: ensure that stdio pipes are labeled correctly
Label stdio pipes to ensure that processes we run can read through
/dev/stdin and write through the /dev/stdout and /dev/stderr links.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-11-19 10:55:50 -05:00
Daniel J Walsh 580356f0c3 SELinux no longer requires a tag.
It should work fine on linux and not linux boxes. Since there
is no glibc added, we can safely compile and run this code
on non SELinux boxes.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-21 15:24:28 -05:00
Nalin Dahyabhai 3835460c3b Use pipes for copying
Use the copier package to rework how we handle ADD and COPY.

When evaluating cache for content that's being copied/added in, switch
from (digest the data, check for a cache entry, then maybe copy the data
and create the new layer) to (copy the data and create the new layer,
digesting as we go, check for a cache entry, either commit or discard
the new layer).

Use the copier package for ADD, COPY, and for ensuring that a specified
directory exists in the working container's rootfs.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2020-08-21 12:34:00 -04:00
Nalin Dahyabhai 0160a7757b run: check if SELinux is enabled
When we're built with support for SELinux, refrain from setting process
and mount labels if SELinux isn't detected as enabled at runtime.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #1542
Approved by: rhatdan
2019-04-25 17:50:11 +00:00
Nalin Dahyabhai d54f0eaf30 run: clear default seccomp filter if not enabled
When seccomp is not enabled, make sure to clear any default setting
which runtime-tools supplied for us.  Likewise, if SELinux is not
enabled, don't set a process label or a mount label.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Closes: #988
Approved by: rhatdan
2018-09-05 20:34:41 +00:00